Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
Unknown

CVE-2018-20188

Disclosure Date: December 17, 2018 (last updated November 27, 2024)
FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account.
0
0
Attacker Value
Unknown

CVE-2018-20136

Disclosure Date: December 13, 2018 (last updated November 27, 2024)
XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI.
0
0
Attacker Value
Unknown

CVE-2018-20137

Disclosure Date: December 13, 2018 (last updated November 27, 2024)
XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI.
0
0